OpenVas tutorial for beginners using web and metasploit

This is a basic openvas tutorial for beginners. I will explain a little of how to use openvas web ui to perform a test of your systems. It will give you the basic options for using metasploit msfconsole to run an openvas vulnerability scan. You will also learn how to import an openvas report into the metasploit database.

On the first run of ovenvas scanner on kali linux you need to run a setup script – if you do this as part of this OpenVas tutorial for beginners, then you will not need to do it again.apps > kali > vlnerability analysis > openvas > openvas initial setup
You only need to run this once

You’ll need to set a password so that you can sign in:openvasmd –user=admin –new-password=Your_New_password
You only need to run this once

OpenVas tutorial for beginners

OpenVas tutorial for beginners: Web ui

Once openvas has started, open your browser and point it to:

https://127.0.0.1:9392

This opens the ‘greenbone’ web interface for openvas and sign in.
To initiate a simple scan of an ip address or hostname, click the small (tiny) purple icon with the wand in it. This will take you to a screen with an input where you can perform a full fast scan of a host.

There are loads of menus in the greenbone web ui:

Scan management
The most important entry in this menu is ‘New Task’ – you can start complex scans from this screen.

Asset Management
Currently contains a single item: Hosts
This is where the list of accumulated hosts form all your scans appear.

Sec Info Management
Contains a few items, each representing the vulnerability databases that openvas knows about